Domain: wonderhowto.com
Stories and comments across the archive that link to wonderhowto.com.
Comments · 30
-
Re:How is China solving this dilemma
The TSA has backdoors in luggage locks.
Sounds like a good reason for not allowing backdoored encryption.
I always just use zip ties, because then I will know that they were in there.
I really hope you are joking.
-
Re:See, they did not leak any data.
In case anyone else is curious: It's Pentalobular though, not to place too fine a penta-pedant on it.
-
Re:an attacker has physical access to the machine
The other claim was that this was not common knowledge, but I'm pretty sure it's common knowledge that USB keyboards exist and drivers for them are standard install on most any operating system.
That's not the claim being made.
If someone wants to claim that it's not common knowledge that keyboard emulators can fit in a device that can be disguised as a flash drive then that might be something that could stand up.
That is the claim, and I would say it's a very safe claim to make.
But then someone would have to be engineered to plug in a flash drive and for some reason allow the device to "drive" the computer until the payload was delivered. If the person doing this was aware that the device would do this, such as being a party to the crack attempt, then this is still not something unique to USB. Such a person could easily be engineered to plug a device into a PS/2 port.
I disagree; Giving someone files on a USB stick is such a common and natural thing to do that the vast majority of people wouldn't think twice about it. Just leaving one lying around might be enough, and it may be possible to install a hack on a user's own USB stick if you can get brief access to it.
Giving someone a dongle to plug into a port that they may have never used on their computer (and increasingly isn't even present) would already be more suspicious, and only give you keyboard access with nothing else.
If the crack needed access to files then include a CD-ROM as part of the attack, or floppy disk because now we're going back in time to old school cracks that predate USB. Again such things can be addressed with things like controlling access to storage devices at the driver level.
With a USB device you can emulate a keyboard, mouse, multiple storage devices and a network device all on a single stick. It's both a lot more powerful and a lot more discreet.
I don't see this as something that cannot be fixed at the driver level. Keeping out network and storage devices is trivial at the driver level, just disable the drivers.
The only one most people don't routinely use is USB networking device, disabling USB storage for most people isn't going to be practical, and disabling USB Keyboard and Mouse drivers is pretty much out of the question these days.
but then the person with the device must almost certainly be in on the attack,
Again I disagree, USB sticks are too commonly used.
especially if there is a need at any time to enter a password such as changing important settings or installing software.
Passwords should stop it, but there are many things an attacker could do with just user level access with a command prompt, and if they have access to any unpatched privilege escalation bugs then that sidesteps the password issue.
Yes these USB "vulnerabilities" don't offer anything you technically couldn't do by sitting down in front of the machine with your own keyboard, mouse, network and storage devices, but the unique thing is they can do it much quicker, much more discreetly, and it's much easier to trick someone else into running the exploit for you.
-
Re:wrong direction
the "one plug for everything" trend that began with USB Type C is a step in the wrong direction.
Yes. It's bad for security. Suppose a friend asks you to copy a file onto a USB stick. Temporarily forget about exploits in filesystem code when reading corrupt filesystems. Since USB can work as either storage or a keyboard, your friend might have caught a USB stick controller firmware virus that emulates a keyboard and types things that exploit you.
Now suppose a port can connect either storage or a video card. Video cards use PCIe. Instead of a keyboard, the malicious stick now has hardware debugger access to physical RAM and can establish persistence on your machine without exploiting the OS, like Thunderstrike 2:
What to do? Avoid plugging untrusted Thunderbolt devices into your Mac, for example if someone you don’t know offers to lend you a network adaptor at a conference.
It's difficult to make use of this kind of speed, like 1/10th of RAM bandwidth, through a hardware interface with small attack surface because it requires offloading intelligence from the CPU which means giving discretion to the hardware. The right way to create a security boundary while preserving speed is with a network interface, ex. Infiniband's "verbs," that explicitly post buffers that will be written into. USB's history is more generic. If they're just jacking the speed without transforming it into basically a network interface, then either it won't deliver the speed for applications other than storage, or it will leave users exposed to Thunderstrike 3. I hope it's the former but am pretty sure it's the latter.
It will be like BadUSB times nine thousand.
-
Re:Good to know
For you; https://landscaping.wonderhowt...
-
Re:patching without source code
-
Re: Like suing McDonald's for hot coffee
From the second link above:
Plaintiffs' expert, a scholar in thermodynamics applied to human skin burns, testified that liquids, at 180 degrees, will cause a full thickness burn to human skin in two to seven seconds. Other testimony showed that as the temperature decreases toward 155 degrees, the extent of the burn relative to that temperature decreases exponentially. Thus, if Liebeck's spill had involved coffee at 155 degrees, the liquid would have cooled and given her time to avoid a serious burn.
A full thickness burn is another term for a third degree burn.
The exposed muscle was from what I was taught as a Boy Scout, this page seems to show it pretty well:
http://know-your-body.wonderho...
The blisters and skin can fall away exposing the musculature underneath as the whole skin covering has been damaged beyond your body's ability to repair it. They can even be fatal as bleeding will proceed pretty quickly if it is not treated properly. Take a look at the pictures in that article, the one with the white hand is the third degree burn.
-
It's all about "inmate" actions
When the "inmates" as you call them (even though they can come or go as they please) are prone to strapping on explosives to the drone and piloting into something like an Ice Cream parlor, or schools as Hamas does with rockets, why yes - it may be a good idea to limit the (rephrased) "animals" from having ways to kill yet more innocent civilians just because they are Jewish.
-
Re:Assumes it ever lived
And Android is effectively a monoculture too, everybody just gets their apps from Google Play, the same as if it was the Apple store.
I gotta stop you right there. Sure, I get a lot of apps from Google Play but I also get a fair amount from the Amazon Android Store, or I could very easily install any app I wanted to from any source (which, depending on the source, might be foolish, but still... Android barely tries to stop me from doing it).
-
Re: iBore 6.0
Samsung animated photo and htc zoe. Seek the truth and ye shall find it.
The article on the Samsung S4's new "Animated Photo" feature marks it at 2013, hardly "Half a decade ago". Plus, it produces massive 8.5 MB animated GIFs that are only 800 x 450. Ick! Perhaps that resolution has increased with later models; but when it was introduced, it certainly wasn't spectacular by any measure. And it's COMPLICATED and somewhat finicky to use.
As far as the HTC Zoe: That's an APP, and thus doesn't count. Heck, it even runs on iOS; so it's HARDLY a built-in feature for ANY Android device!
Because, as far as Animated GIF APPs go, the Apple App Store lists SEVERAL, some of which are SURE to pre-date the Samsung and HTC offerings. In fact, I find one for iOS, LoopCam, that has a reference on Google dated 11/30/2011.
Prove me wrong, or STFU.
-
Re:Kentucky Man
That leaves more evidence and is less fun than something like http://fear-of-lightning.wonde...
-
Re:Master key
-
Re:Keyboard
In the keyboard: Commodore-64
In a phone: Apple iPhone
In the monitor: Apple
In a flower-pot: Apple ("daisy monitor")
In a flash drive: pendrivelinux.com
In a mouse-pad: ?
In a power cord: ?
In a toaster: http://www.embeddedarm.com/sof...
In eye-glasses: Google-glass
In undies/bra: ?
In a coffee mug: ?
In a coffee maker: http://null-byte.wonderhowto.c...
In head-phones: ?
In a hat? (red hat :-)
In green-eggs-and-ham: ?
-
Re:Can we hold the froth first?
Not necessarily. There are multiple other syncing software packages that you can use instead of iTunes to put and maintain the music on your iPod.
Two examples found immediately with a quick google search:
How to Put Music on Your iPhone Without Using iTunes
Here's Five Alternatives to iTunes 10 for Easily Managing Your iPod
-
Wikipedia.
There are many good tips here, mainly Linux distributions. But one tip I don't see, I would bring all of Wikipedia with me. Wikipedia can be downloaded, and then read either on a computer or in specialized e-readers. How to download Wikipedia. And, The Wikipedia Page. Good luck.
-
Re:Third option
without admitting that there was a problem.
Revisionist much? They never denied it, they just pointed out that it's a problem with every single smartphone ever made.
-
Re:Predictable
Wifi is so totally secure:
I mean... Where would I find someone who knows how to crack the mighty WPA2-PSK you probably use to secure your whole network?
How could you possibly think any wireless communications are secure anywhere? *especially* blue-tooth and WiFi.
-
Re:Fine...
But not until my $1,200 3d printer can print me a girlfriend.
I did go Googling for a "3d shape file artificial vagina" for your printer, and I'd be flat-out astonished if it had never been done before. But I got as far as this and decided to stop.
-
obligatory "encrypt it, lamer" post
-
Re:Some possibilities....
Here is QvsR rated as level easy: http://board-games.wonderhowto.com/how-to/beat-rook-with-queen-chess-endgames-224673/
Kasparov was able to defeat Deep Blue in 1996, so I call bull on your claim that 30 years ago he lost to QvsR scenario. http://en.wikipedia.org/wiki/Deep_Blue_(chess_computer)
Enough of this crap. If you think I do not know what I am talking about, come and play me in the advance lounge of yahoo chess, my alias is schneidafunk. I am on there every day and as of right now I am rated at 1945.
You can verify I have a high rating and you can see fools mate used as a CAPTCHA test and then you can apologize.
If you disagree with me, then put up your rating info and a way to verify it. If you are high enough rated I will play you in a game of chess, but will probably test you first to see you are not using a chess program.
-
Re:Some possibilities....
30 moves in a set pattern at an end game, and that is mostly just getting into position, just like a bishop & knight mate. I do not believe a supposed grandmaster would fail and the moves would look exactly the same as a computer. Here it is rated as level easy: http://board-games.wonderhowto.com/how-to/beat-rook-with-queen-chess-endgames-224673/
As far as losing to fools mate, as soon as a person proves to be a person by skipping the obvious mate, then I resign and start a real game with the person. It is a good enough method to sort out the cheaters when I am playing for fun.
-
Re:Seeing how most companies won't migrate...
There are several utilities (here's one) that show the taskbar on the start screen. You can customize windows 8 to your heart's desire.
-
Re:Sad
-
Creepy but already possible
You don't need to ask permission, you only need to know how to google. Lots of people install cameras and leave them wide open for anyone to view.
Search for anything with inurl:/view.shtml
This has been known for a long time.
There is even a bunch of blogs and videos detailing exactly how to do this:
http://www.mydigitallife.info/hack-to-search-and-view-free-live-webcam-with-google-search/
http://www.wonderhowto.com/how-to-view-live-cams-through-google-155767/
-
Re:About time someone invented
Already available if you have a soldering iron.
http://www.wonderhowto.com/how-to-add-led-lights-avoid-speed-detection-while-driving-222857/
-
Re:Back on topic...
Calm down big guy, I only threw it out there as a half-baked idea.
Personally, I do trust Microsoft more than Apple, they are far more open and less restrictive. But that's a side topic.
Microsoft does not have a 30% share of the handset market. They don't make any phones.
So they would be hard pressed to implement this even if they wanted to.
Apple could implement it on their own phones but only by doing a certain amount of damage to their brand.
The whole thing makes no sense, UNLESS it was going to be MANDATORY across all cell phones.
The only way that could happen is if it was built into the camera modules themselves, which are typically manufactured by third parties, not by phone manufacturers themselves.
If someone wanted to make it mandatory, then Apple holding the patent stands to make a lot of money, or block the deal with patent fights.
All I'm really saying is Apple would be unlikely to add this to their phones and damage their brand unless all phones were to have it.
It's really not needed, because there are other ways.
-
Re:Well, I *was* looking forward to watching this.
I dunno, though, it just seems like they could have done something new (at least new to the show) that would be just as engaging. Like debunking the professor's use of coconuts to power a radio on Gilligan's Island or something.
The Professor was a genius in the coconut-engineering arts, and I will not stand idly by while his good name is besmirched.
I challenge the Mythbusters to debunk that myth without resorting to pedantry.* Coconut milk is a mildly acidic electrolytic solution. If you can power electronics using lemons and potatoes, you can power a radio using coconuts. Frankly, I don't think that it even constitutes a good challenge. Scale it up to charging the battery for the engine(s) on the S.S. Minnow and you might have something Mythbusters worthy.
*The power in these batteries comes from a redox reaction between the anode and cathode materials, rather than the food. You could power your radio with electrodes placed in saltwater rather than any of the lemons, potatoes, or coconuts and there's not going to be any make-it-or-break-it difference. However, coconut-engineering skills would have been more uniquely marketable to the likes of Tina Louise and Dawn Wells. Engineering might and business acumen all in one. Hail Roy Hinkley!
-
Re:Come on Google Maps
Or get your hands dirty with some DIY Drones?
Oh! - looks like somebody has already done it: http://www.wonderhowto.com/wonderment/flying-drone-captures-360-interactive-view-gulf-oil-spill-0117314/
-
Pots and pans ain't nothing new...
I've seen stuff about people using woks and TV satellite dishes to boost signal power, so there's nothing surprising about saucepans doing it too. I'd be interested to see a comparison of these improvised devices with "proper" boosters. Would I be better off saving my money and just rigging up an old wok instead?